function oauth2_server_check_client_secret in OAuth2 Server 7

Check if a raw client secret matches a stored hash.

This uses the same method as user_check_password().

Parameters

string $stored_hash: The stored client secret hash.

string $value: The new, raw value to check.

Return value

bool TRUE if the hashes match, FALSE otherwise.

2 calls to oauth2_server_check_client_secret()

OAuth2ServerAdminTestCase::testEditingClientSecret in tests/oauth2_server.test

Storage::checkClientCredentials in lib/Drupal/oauth2_server/Storage.php

File

./oauth2_server.module, line 626

Provides OAuth2 server functionality.

Code

function oauth2_server_check_client_secret($stored_hash, $value) {

  // The client may omit the client secret or provide NULL, and expect that to
  // be treated the same as an empty string.
  // See https://tools.ietf.org/html/rfc6749#section-2.3.1
  if ($stored_hash === '' && ($value === '' || $value === NULL)) {
    return TRUE;
  }
  require_once DRUPAL_ROOT . '/includes/password.inc';
  $new_hash = _password_crypt('sha512', $value, $stored_hash);
  return $new_hash && $new_hash == $stored_hash;
}